CVE-2022-40684 · CISA KEV · EPSS p100.0%

fortinet / fortiproxy

Description

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6, and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Scoring

CVSS: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 99.98% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z
Last modified: 2026-06-17

CISA KEV entry

Added to KEV: 2022-10-11

(incoming) · 1

Type: KEVEntry
Target: Fortinet Multiple Products Authentication Bypass Vulnerability · kev-cve-2022-40684
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE: CVE-2026-44277
CVE: Fortinet FortiClient EMS Improper Access Control Vulnerability
CVE: Fortinet FortiOS and FortiProxy Improper Authorization
CVE: CVE-2026-49938
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.